Suppose F(X) = (5X) mod 9 is used to generate a one time password.
I am supposed to generate the first 8 values using the above formula, starting with the seed value of F(5).
Well I know that F(5) = ...

I need to create a system that allows a user to enter codes to charge an allowance. Embedded in this code should be the amount to charge the allowance.
The user would pay for a code which would then ...

I've been reading through RFC4226 as part of some research and I was wondering why the function to truncate the HMAC was so complicated. As far as I understand it, the last 4 bits of the HMAC define ...

Is there a credible scenario in which the OTP (One Time Password) for online credit card transactions (specifically for Verified by Visa) can be bypassed?
Context: A guy I know was cheated via the ...

I have a system with an OTP authentication and I need a method to encrypt the main "secret algorithm". In my system each OTP has a pair named "solution" and it is also changing like the OTP. I need to ...

Take for example 1Password, that now can store your password and one time password secret in a single place (your 1Password vault).
I know it isn't truly two-factor anymore, but how much better is it ...

I was working on implementing an OTP strategy in our login process of a web application when I was asking myself: Should I ask for the OTP token before or after asking for the username/password?
What ...

I've just picked up a YubiKey.
However, the demo Yubico redirects you to is served over plain HTTP, over which each OTP you generate during the demo is POSTed, enabling you to verify that your key is ...

For a lot of web services offering two factor authentication, after setting up the system, you are given a short list of backup codes (one-time pads) that are around 7-10 characters long. These are ...

Can rfc6238 be used for transaction signing by concatenating the random seed string with transaction details (such as amount and target account number)? Could a transaction authorization 8-cipher OTP ...

I have read that in order for a one time pad to be truly secure, the pad itself must be random data. Given the practical difficulty of sharing a secure random pad, I was wondering what would be the ...

Google recently announced support for Universal 2nd Factor (U2F) authentication in Chrome and started allowing that authentication mechanism to be used for 2-factor authentication across their various ...

Google and Yubico just announced the availability of cryptographic security tokens following the FIDO U2F specification. Is this just another 2FA option, or is this significantly better than solutions ...

I have an idea for an algorithm. I don't know if I made any mistakes and need some extra thoughts/peer review on it.
This would work as an (almost) zero knowledge proof for sending passwords that can ...

Scenario: a web app with two-factor authentication using username/password and hardware OTP.
Once logged into the app, one of the app modules should be used in a tablet or any mobile device without a ...

All OTP systems that I have observed send a new OTP every time a user requests an OTP (for example, WhatsApp).
Only the latest OTP is valid and an OTP can only be used for X hours.
I am wondering ...

I'm new to the concept of TOTP, but as I understand, a 16-character base32-encoded shared secret is stored in the client application (for example Authy, FreeOTP)? This means that if I remove the application, ...

Suppose we have a master key, and we want to encrypt some file(s). We then generate a one-time key for that file, use it to encrypt the file contents, and finally encrypt the one-time key using the master key (with ...

I just discovered the YubiKey NEO which seems like a pretty awesome device for maintaining security for a variety of different things including computer login, SSH private keys, GPG private keys, and ...

[Being a LastPass user] recently I moved to Google Authenticator instead of using Grid Authentication as a 2-factor security. For me, finding and filling letters from such a dense matrix is a rather ...

I am using HOTP to generate OTP to validate a request, in order to prevent replay attacks. I'm thinking about using a window of 10 (or so) iterations to accommodate a possible mismatch in the counter ...

We're considering a 2 factor TOTP solution on a mobile phone. However, it would be much easier for the user to somehow send the OTP to the server by pushing a button, rather than manually typing in a ...

To log into my online banking, I have to answer a basic personal question such as "What is your mother's maiden name" or "What is your grandfather's middle name", as well as enter a one-time code from ...